SpyHolesList Version:10.6 Build:7.70.0.170-64b28.02.2015 8:28:50 AMWinDir=C:\WindowsStartup=C:\Users\$unil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Common Startup=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 Home Premium (6.1.7601)Internet Explorer 9.11.9600.17633[Internet Explorer] [Default Home Page] :HKLM Default_Page_URL=http://go.microsoft.com/fwlink/p/?LinkId=255141 [Current Home Page] :HKCU Start Page=http://www.msn.com/?pc=BDT5&ocid=BDT5DHP [Current Home Page] :HKCU HOMEOldSP="" [Current Home Page] :HKCU Default_Page_URL="" [Current Home Page] :HKLM Start Page=http://go.microsoft.com/fwlink/p/?LinkId=255141 [Current Home Page] :HKLM HOMEOldSP="" [All Users Search] :HKLM Default_Search_URL=http://go.microsoft.com/fwlink/?LinkId=54896 [All Users Search] :HKLM Search Page=http://go.microsoft.com/fwlink/?LinkId=54896 [Current Users Search] :HKCU Default_Search_URL=http://www.google.com/ie [Current Users Search] :HKCU Search Page=http://www.google.com [Current Users Search] :HKCU Search Bar=http://www.google.com/ie [IE Local Blank Page] :HKCU Local Page=C:\Windows\system32\blank.htm [IE Local Blank Page] :HKLM Local Page="" [Browser Helper Objects] {0055C089-8582-441B-A0BF-17B458C2A3A8}=C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL ### IDM Browser Helper Object Internet Download Manager, Tonec Inc. Internet Download Manager Module 6, 21, 19, 1 [Browser Helper Objects] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE15\OCHELPER.DLL ### Microsoft Lync Microsoft Corporation Microsoft Office 2013 15.0.4667.1000 [Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\PROGRAM FILES (X86)\JAVA\JRE1.8.0_31\BIN\SSV.DLL ### Java(TM) Platform SE binary Oracle Corporation Java(TM) Platform SE 8 U31 8.0.310.13 [Browser Helper Objects] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL ### Microsoft Windows Live ID Login Helper Microsoft Corp. Microsoft CoReXT 7.250.4311.0 [Browser Helper Objects] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}=C:\PROGRAM FILES (X86)\SKYPE\TOOLBARS\INTERNET EXPLORER\SKYPEIEPLUGIN.DLL ### Skype Click to Call IE Add-on Microsoft Corporation Skype Click to Call 7.3.16540.9015 [Browser Helper Objects] {B4F3A835-0E21-4959-BA22-42B3008E02FF}=C:\PROGRA~2\MICROS~1\OFFICE15\URLREDIR.DLL ### Microsoft Office Document Cache Handler Microsoft Corporation Microsoft Office 2010 15.0.4569.1503 [Browser Helper Objects] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}=C:\PROGRA~2\MICROS~1\OFFICE15\GROOVEEX.DLL ### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [Browser Helper Objects] {DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\PROGRAM FILES (X86)\JAVA\JRE1.8.0_31\BIN\JP2SSV.DLL ### Java(TM) Platform SE binary Oracle Corporation Java(TM) Platform SE 8 U31 8.0.310.13 [Browser Helper Objects(x64)] {0055C089-8582-441B-A0BF-17B458C2A3A8}=C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMIECC64.DLL ### IDM Browser Helper Object Internet Download Manager, Tonec Inc. Internet Download Manager Module 6, 21, 19, 1 [Browser Helper Objects(x64)] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE15\OCHELPER.DLL ### Microsoft Lync Microsoft Corporation Microsoft Office 2013 15.0.4681.1000 [Browser Helper Objects(x64)] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL ### Microsoft Windows Live ID Login Helper Microsoft Corp. Microsoft CoReXT 7.250.4311.0 [Browser Helper Objects(x64)] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}=C:\PROGRAM FILES (X86)\SKYPE\TOOLBARS\INTERNET EXPLORER X64\SKYPEIEPLUGIN.DLL ### Skype Click to Call IE Add-on Microsoft Corporation Skype Click to Call 7.3.16540.9015 [Browser Helper Objects(x64)] {B4F3A835-0E21-4959-BA22-42B3008E02FF}=C:\PROGRA~1\MICROS~2\OFFICE15\URLREDIR.DLL ### Microsoft Office Document Cache Handler Microsoft Corporation Microsoft Office 2010 15.0.4569.1503 [Browser Helper Objects(x64)] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}=C:\PROGRA~1\MICROS~2\OFFICE15\GROOVEEX.DLL ### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [Auto Search URL] :HKCU provider="" [Auto Search URL] :HKCU "Default Value"=http://www.google.com/search?q=%s [Search Assistant] :HKCU SearchAssistant=http://www.google.com/ie [Search Assistant] :HKLM SearchAssistant="" [Search Assistant] :HKCU CustomizeSearch="" [Search Assistant] :HKLM CustomizeSearch="" [Search Provider] FD0CB2E5E18449388DD4E90914D02C63=https://www.google.com/search?q={searchTerms} ### Google [Search Provider] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}=https://www.google.com/search?q={searchTerms} [Search Provider] {56C9B745-6934-4704-9727-9BF4D6DFCEB0}=http://www.bing.com/search?FORM=BDT5DF&PC=BDT5&q={searchTerms}&src=IE-SearchBox ### Bing [Search Provider] {95B7759C-8C7F-4BF1-B163-73684A933233}=https://mysearch.avg.com/search?cid={943E2ED0-F4A3-4646-9ED0-67981E889677}&mid=00ce396fefa047cd9f21591a68f417fd-05cea823b9a5a7f38241b7bac0f31b0e6255d4a1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-21 14:49:52&v=4.1.0.404&pid=wtu&sg=&sap=dsp&q={searchTerms} ### AVG Secure Search [Search Provider] DefaultScope={56C9B745-6934-4704-9727-9BF4D6DFCEB0} [Search Provider for All Users] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC ### Bing [Search Provider for All Users] DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [Search Provider for All Users(x64)] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC ### Bing [Search Provider for All Users(x64)] DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [Search Provider(x64)] FD0CB2E5E18449388DD4E90914D02C63=https://www.google.com/search?q={searchTerms} ### Google [Search Provider(x64)] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}=https://www.google.com/search?q={searchTerms} [Search Provider(x64)] {56C9B745-6934-4704-9727-9BF4D6DFCEB0}=http://www.bing.com/search?FORM=BDT5DF&PC=BDT5&q={searchTerms}&src=IE-SearchBox ### Bing [Search Provider(x64)] {95B7759C-8C7F-4BF1-B163-73684A933233}=https://mysearch.avg.com/search?cid={943E2ED0-F4A3-4646-9ED0-67981E889677}&mid=00ce396fefa047cd9f21591a68f417fd-05cea823b9a5a7f38241b7bac0f31b0e6255d4a1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-21 14:49:52&v=4.1.0.404&pid=wtu&sg=&sap=dsp&q={searchTerms} ### AVG Secure Search [Search Provider(x64)] DefaultScope={56C9B745-6934-4704-9727-9BF4D6DFCEB0} [CustomizeSearch] :HKLM CustomizeSearch="" [URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\SYSWOW64\IEFRAME.DLL ### Internet Browser Microsoft Corporation Internet Explorer 11.00.9600.17631 [Search URL Template] :HKLM 1="" [Search URL Template] :HKLM 2="" [Search URL Template] :HKLM 3="" [Search URL Template] :HKLM 4="" [Default Prefix] :HKLM "Default Value"=http:// [URL Default Prefixes] :HKLM mosaic=http:// [URL Default Prefixes] :HKLM www=http:// [URL Default Prefixes] :HKLM home=http:// [URL Default Prefixes] :HKLM ftp=ftp:// [AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm [AboutURLs] :HKLM NoAdd-onsInfo=res://ieframe.dll/noaddoninfo.htm [AboutURLs] :HKLM InPrivate=res://ieframe.dll/inprivate_win7.htm [AboutURLs] :HKLM NavigationFailure=res://ieframe.dll/navcancl.htm [AboutURLs] :HKLM NoAdd-ons=res://ieframe.dll/noaddon.htm [AboutURLs] :HKLM Home=270 [AboutURLs] :HKLM PostNotCached=res://ieframe.dll/repost.htm [AboutURLs] :HKLM DesktopItemNavigationFailure=res://ieframe.dll/navcancl.htm [AboutURLs] :HKLM NavigationCanceled=res://ieframe.dll/navcancl.htm [AboutURLs] :HKLM SecurityRisk=res://ieframe.dll/securityatrisk.htm [User Style Sheet] :HKCU User Stylesheet="" [User Style Sheet] :HKCU Use My Stylesheet=0 [Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=0 [Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=1 [Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=0 [Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=3 [Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3 [Execute unsigned ActiveX in Internet Zone] :HKLM 1201=3 [Links Toolbar] :HKCU LinksFolderName="" [IE Extensions - All Users] :HKLM {2670000A-7350-4f3c-8081-5663EE0C6C49} ### File is deleted or hidden by a rootkit or could not be located. [IE Extensions - All Users] :HKLM {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE15\OCHELPER.DLL ### Microsoft Lync Microsoft Corporation Microsoft Office 2013 15.0.4667.1000 [IE Extensions - All Users] :HKLM {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} ### File is deleted or hidden by a rootkit or could not be located. [IE Extensions - All Users] :HKLM {898EA8C8-E7FF-479B-8935-AEC46303B9E5}=C:\PROGRAM FILES (X86)\SKYPE\TOOLBARS\INTERNET EXPLORER\SKYPEIEPLUGIN.DLL ### Skype Click to Call IE Add-on Microsoft Corporation Skype Click to Call 7.3.16540.9015 [Context menu items] :HKCU Add to Google Photos Screensa&ver=res://C:\Windows\system32\GPhotos.scr/200 ### File is deleted or hidden by a rootkit or could not be located. [Context menu items] :HKCU Download all links with IDM=C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IEGETALL.HTM [Context menu items] :HKCU Download with IDM=C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IEEXT.HTM [Context menu items] :HKCU E&xport to Microsoft Excel=res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 ### File is deleted or hidden by a rootkit or could not be located. [Context menu items] :HKCU Se&nd to OneNote=res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 ### File is deleted or hidden by a rootkit or could not be located. [AutoConfigURL] :HKCU AutoConfigURL="" [Protocols Filter] :HKLM application/octet-stream=C:\Windows\system32\MSCOREE.DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NET Framework 4.0.40305.0 mscoree.dll [Protocols Filter] :HKLM application/x-complus=C:\Windows\system32\MSCOREE.DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NET Framework 4.0.40305.0 mscoree.dll [Protocols Filter] :HKLM application/x-msdownload=C:\Windows\system32\MSCOREE.DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NET Framework 4.0.40305.0 mscoree.dll [Protocols Filter] :HKLM text/xml=C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICE15\MSOXMLMF.DLL ### Microsoft Office XML MIME Filter Microsoft Corporation Microsoft Office InfoPath 15.0.4569.1503 [Protocols Handler] :HKLM about=C:\WINDOWS\SYSWOW64\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM cdl=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM dvd=C:\WINDOWS\SYSWOW64\MSVIDCTL.DLL ### ActiveX control for streaming video Microsoft Corporation DirectShow 6.05.7600.16385 [Protocols Handler] :HKLM file=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM ftp=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM http=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM https=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM its=C:\WINDOWS\SYSTEM32\ITSS.DLL ### Microsoft InfoTech Storage System Library Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\itss.dll [Protocols Handler] :HKLM javascript=C:\WINDOWS\SYSWOW64\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM local=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM mailto=C:\WINDOWS\SYSWOW64\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM mhtml=C:\WINDOWS\SYSTEM32\INETCOMM.DLL ### Microsoft Internet Messaging API Resources Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17609 %SystemRoot%\system32\inetcomm.dll [Protocols Handler] :HKLM mk=C:\WINDOWS\SYSWOW64\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM ms-help={314111c7-a502-11d2-bbca-00c04f8ec294} [Protocols Handler] :HKLM ms-its=C:\WINDOWS\SYSTEM32\ITSS.DLL ### Microsoft InfoTech Storage System Library Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\itss.dll [Protocols Handler] :HKLM osf=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE15\MSOSB.DLL ### Microsoft Office 2013 component Microsoft Corporation Microsoft Office 2013 15.0.4635.1000 [Protocols Handler] :HKLM res=C:\WINDOWS\SYSWOW64\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM skypec2c=C:\PROGRAM FILES (X86)\SKYPE\TOOLBARS\INTERNET EXPLORER\SKYPEIEPLUGIN.DLL ### Skype Click to Call IE Add-on Microsoft Corporation Skype Click to Call 7.3.16540.9015 [Protocols Handler] :HKLM tv=C:\WINDOWS\SYSWOW64\MSVIDCTL.DLL ### ActiveX control for streaming video Microsoft Corporation DirectShow 6.05.7600.16385 [Protocols Handler] :HKLM vbscript=C:\WINDOWS\SYSWOW64\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer 11.00.9600.17631 [Protocols Handler] :HKLM wlmailhtml=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MAIL\MAILCOMM.DLL ### Windows Live Mail Microsoft Corporation Windows Live Mail 16.4.3528.0331 [Protocols Handler] :HKLM wlpg=C:\PROGRAM FILES (X86)\WINDOWS LIVE\PHOTO GALLERY\ALBUMDOWNLOADPROTOCOLHANDLER.DLL ### Photo Gallery Album Download Protocol Handler Microsoft Corporation Photo Gallery 16.4.3528.0331 [Proxy] :HKCU ProxyServer="" [Proxy] :HKCU ProxyEnable=0[Network Settings] [Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc[Browsers] [Installed Browsers] FIREFOX.EXE=C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE ### Firefox Mozilla Corporation Firefox 35.0.1 [Installed Browsers] Google Chrome=C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE ### Default Browser Google Chrome Google Inc. Google Chrome 40.0.2214.115 [Installed Browsers] IEXPLORE.EXE=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ### Internet Explorer Microsoft Corporation Internet Explorer 11.00.9600.16428 [FireFox Components and Extensions] mozilla_cc@internetdownloadmanager.com=C:\Users\$unil\AppData\Roaming\IDM\idmmzcc5\ ### mozilla_cc@internetdownloadmanager.com IDM CC Files idmmzcc.jar idmhelper5.js idmmzcc.dll iIDMHelper5.xpt iIDMMzCC.xpt [FireFox Settings] :HKLM browser.startup.homepage="" [FireFox Settings] :HKLM browser.startup.homepage_override_url="" [FireFox Settings] :HKLM browser.search.selectedEngine="" [FireFox Settings] :HKLM browser.search.selectedEngine,S="" [FireFox Settings] :HKLM browser.search.defaultEnginename="" [FireFox Settings] :HKLM browser.search.defaultEnginename,S="" [FireFox Settings] :HKLM browser.search.order.1="" [FireFox Settings] :HKLM browser.search.order.1,S="" [FireFox Settings] :HKLM browser.search.defaulturl="" [FireFox Settings] :HKLM browser.newtab.url="" [FireFox Settings] :HKLM keyword.URL="" [FireFox Settings] :HKLM network.proxy.autoconfig_url="" [FireFox Settings] :HKLM network.proxy.type="" [FireFox Settings] :HKLM network.proxy.http="" [FireFox Settings] :HKLM network.proxy.http_port="" [Google Chrome Settings] :HKLM backup.homepage="" [Google Chrome Settings] :HKLM backup.session.urls_to_restore_on_startup="" [Google Chrome Settings] :HKLM session.startup_urls="" [Google Chrome Settings] :HKLM default_search_provider.icon_url="" [Google Chrome Settings] :HKLM default_search_provider.keyword="" [Google Chrome Settings] :HKLM default_search_provider.name="" [Google Chrome Settings] :HKLM default_search_provider.search_url="" [Google Chrome Settings] :HKLM default_search_provider.suggest_url="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.alternate_urls="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.favicon_url="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.keyword="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.short_name="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.url="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.suggest_url="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.new_tab_url="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.instant_url="" [Google Chrome Settings] :HKLM default_search_provider_data.template_url_data.image_url="" [Google Chrome Settings] :HKLM homepage="" [Google Chrome Settings] :HKLM session.urls_to_restore_on_startup="" [Google Chrome Addons] aapocclcgogkmnckokdopfmhonfmgoek=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 ### google slides: create and edit presentations [Google Chrome Addons] ahfgeienlihckogmohjhadlkjgocpleb=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\web_store ### web store: discover great apps, games, extensions and themes for google chrome. [Google Chrome Addons] aohghmighlieiainnegkcijnfilokake=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 ### google docs: create and edit documents [Google Chrome Addons] apdfllckaahabafndbhieahigkjlhalf=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0 ### google drive: google drive: create, share and keep all your stuff in one place. [Google Chrome Addons] blpcfgokakmgnkcojhhkbfbldkacnbeo=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 ### youtube: the world's most popular online video community. [Google Chrome Addons] bofbpdmkbmlancfihdncikcigpokmdda=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofbpdmkbmlancfihdncikcigpokmdda\0.400_0 ### mysmartprice: get the best price on 10 million+ products across 100+ online stores. find more! save more! [Google Chrome Addons] coobgpohoikkiipiblmjeljniedjpjpf=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 ### google search: the fastest way to search the web. [Google Chrome Addons] dnhpdliibojhegemfjheidglijccjfmc=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\hotword_helper ### hotword helper: [Google Chrome Addons] eemcgdkfndhakfknompkggombfjjjeno=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\bookmark_manager ### bookmark manager: bookmark manager [Google Chrome Addons] ennkphjdgehloodpbhlhldgbnhmacadg=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\settings_app ### settings: settings [Google Chrome Addons] felcaaldnbdncclmgdcncolpebgiejap=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 ### google sheets: create and edit spreadsheets [Google Chrome Addons] gfdkimpbcpahaombhbimeihdjnejgicl=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\feedback ### feedback: user feedback extension [Google Chrome Addons] jlhmfgmfgeifomenelglieieghnjghma=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.1_0 ### cisco webex extension: join webex meetings using google chrome [Google Chrome Addons] kmendfapggjehodndflmmgagdbamhnfd=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\cryptotoken ### cryptotokenextension: cryptotoken component extension [Google Chrome Addons] lifbcibllhkdhoafpjfnlhfpfgnpldfl=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0 ### skype click to call: skype click to call [Google Chrome Addons] mfehgcgbbipciphmccgaenjidiccnmng=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\cloud_print ### cloud print: cloud print [Google Chrome Addons] mfffpogegjflfpflabcdkioaeobkgjik=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\gaia_auth ### gaiaauthextension: gaia component extension [Google Chrome Addons] mgndgikekgjfcpckkfioiadnlibdjbkf=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\chrome_app ### chrome: a fast, simple, and secure web browser, built for the modern web. [Google Chrome Addons] neajdppkdcdipfabeoofebfddakdcjhd=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\network_speech_synthesis ### google network speech: component extension providing speech via the google network text-to-speech service. [Google Chrome Addons] nkeimhogjdpnpccoofpliimaahmaaome=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\hangout_services ### google+ hangouts: [Google Chrome Addons] nmmhkkegccagdldgiimedpiccmgmieda=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0 ### google wallet: google wallet for digital goods [Google Chrome Addons] pafkbggdmjlpgkdkcbjmhmfcdpncadgh=c:\program files (x86)\google\chrome\application\40.0.2214.115\resources\google_now ### google now: integrates google now into chrome. [Google Chrome Addons] pjkljhegncpnkpknbcohdijeoejaedia=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ### gmail: fast, searchable email with less spam. [Google Chrome Addons] bepbmhgboaologfdajaanbcjmnhjmhfn=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0 ### google voice search hotword (beta): Disabled [Google Chrome Addons] jeaohhlajejodfjadcponpnjgkiikocn=C:\Users\$unil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.21.16_1 ### idm integration module: Disabled [Google Chrome Addons] jeaohhlajejodfjadcponpnjgkiikocn=C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMGCEXT.CRX ### idm integration module: download files with internet download manager [Google Chrome Addons] lifbcibllhkdhoafpjfnlhfpfgnpldfl=C:\PROGRAM FILES (X86)\SKYPE\TOOLBARS\CHROMEEXTENSION\SKYPE_CHROME_EXTENSION.CRX ### skype click to call: skype click to call[Network Settings] [Domain Name] :HKLM Domain="" [Name Server] {22C889AD-0C24-43BC-806E-6504515D342B}=180.151.151.151 180.151.151.152 ### Network Card:Intel(R) Centrino(R) Advanced-N 6230 DHCPNameServer:180.151.151.151 180.151.151.152 DhcpDefaultGateway:192.168.0.1 DhcpServer:192.168.0.1 [WinSock2 Components] NLAapi.dll=C:\WINDOWS\SYSWOW64\NLAAPI.DLL ### Network Location Awareness 2 Microsoft Corporation Microsoft Windows Operating System 6.1.7601.18685 %SystemRoot%\SYSWOW64\NLAapi.dll [WinSock2 Components] napinsp.dll=C:\WINDOWS\SYSWOW64\NAPINSP.DLL ### E-mail Naming Shim Provider Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSWOW64\napinsp.dll [WinSock2 Components] pnrpnsp.dll=C:\WINDOWS\SYSWOW64\PNRPNSP.DLL ### PNRP Name Space Provider Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSWOW64\pnrpnsp.dll [WinSock2 Components] WLIDNSP.DLL=C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDNSP.DLL ### Microsoft Windows Live ID Namespace Provider Microsoft Corp. Microsoft CoReXT 7.250.4311.0 [WinSock2 Components] mswsock.dll=C:\WINDOWS\SYSWOW64\MSWSOCK.DLL ### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSWOW64\mswsock.dll [WinSock2 Components] winrnr.dll=C:\WINDOWS\SYSWOW64\WINRNR.DLL ### LDAP RnR Provider DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSWOW64\winrnr.dll [WinSock2 Components] wshbth.dll=C:\WINDOWS\SYSWOW64\WSHBTH.DLL ### Windows Sockets Helper DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\SYSWOW64\wshbth.dll [WinSock2 Components] vsocklib.dll=C:\WINDOWS\SYSWOW64\VSOCKLIB.DLL ### VSockets Library VMware, Inc. VMware Tools 9.3.3 build-1141980 %windir%\SYSWOW64\vsocklib.dll [WinSock2 Components (x64)] NLAapi.dll=C:\WINDOWS\SYSNATIVE\NLAAPI.DLL ### Network Location Awareness 2 Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17964 %SystemRoot%\SYSNATIVE\NLAapi.dll [WinSock2 Components (x64)] napinsp.dll=C:\WINDOWS\SYSNATIVE\NAPINSP.DLL ### E-mail Naming Shim Provider Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSNATIVE\napinsp.dll [WinSock2 Components (x64)] pnrpnsp.dll=C:\WINDOWS\SYSNATIVE\PNRPNSP.DLL ### PNRP Name Space Provider Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSNATIVE\pnrpnsp.dll [WinSock2 Components (x64)] WLIDNSP.DLL=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDNSP.DLL ### Microsoft Windows Live ID Namespace Provider Microsoft Corp. Microsoft CoReXT 7.250.4311.0 [WinSock2 Components (x64)] mswsock.dll=C:\WINDOWS\SYSNATIVE\MSWSOCK.DLL ### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSNATIVE\mswsock.dll [WinSock2 Components (x64)] winrnr.dll=C:\WINDOWS\SYSNATIVE\WINRNR.DLL ### LDAP RnR Provider DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\SYSNATIVE\winrnr.dll [WinSock2 Components (x64)] wshbth.dll=C:\WINDOWS\SYSNATIVE\WSHBTH.DLL ### Windows Sockets Helper DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\SYSNATIVE\wshbth.dll [WinSock2 Components (x64)] vsocklib.dll=C:\WINDOWS\SYSNATIVE\VSOCKLIB.DLL ### VSockets Library VMware, Inc. VMware Tools 9.3.3 build-1141980 %windir%\SYSNATIVE\vsocklib.dll[Windows Shell] [Display Scrap's Extensions] :HKLM NeverShowExt="" [ScreenSaver] :HKCU SCRNSAVE.EXE="" ### File is deleted or hidden by a rootkit or could not be located. [System.ini] shell=explorer.exe [User Shell] :HKCU shell="" [Main File Extensions] :HKLM .exe="%1" %* [Main File Extensions] :HKLM .com="%1" %* [Main File Extensions] :HKLM .pif="%1" %* [Main File Extensions] :HKLM .bat="%1" %* [Main File Extensions] :HKLM .cmd="%1" %* [Main File Extensions] :HKLM .scr="%1" /S [Main File Extensions] :HKLM .txt=%SystemRoot%\system32\NOTEPAD.EXE %1 [Main File Extensions] :HKLM .reg=regedit.exe "%1" [Main File Extensions] :HKLM .inf=%SystemRoot%\system32\NOTEPAD.EXE %1 [Main File Extensions] :HKLM .ini=%SystemRoot%\system32\NOTEPAD.EXE %1 [Main File Extensions] :HKLM .js=C:\Windows\System32\WScript.exe "%1" %* [Main File Extensions] :HKLM .vbs="%SystemRoot%\System32\WScript.exe" "%1" %* [Main File Extensions] :HKLM .vbe="%SystemRoot%\System32\WScript.exe" "%1" %* [Main File Extensions] :HKLM .msc=%SystemRoot%\system32\mmc.exe "%1" %* [Main File Extensions] :HKLM .jpg=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [Main File Extensions] :HKLM .jpeg=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [UserInit Value] :HKLM UserInit=userinit.exe [Shell Services DelayLoad] :HKLM WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} [System Shell Policies] :HKCU shell="" [System Shell Policies] :HKLM shell="" [System Shell Policies] :HKCU run="" [System Shell Policies] :HKLM run="" [App Paths] :HKLM AcroRd32.exe=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe ### AcroRd32.exe Adobe Reader Adobe Systems Incorporated Adobe Reader 11.0.10.32 [App Paths] :HKLM chrome.exe=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ### chrome.exe Google Chrome Google Inc. Google Chrome 40.0.2214.115 [App Paths] :HKLM dvdmaker.exe=%ProgramFiles%\DVD Maker\dvdmaker.exe ### dvdmaker.exe [App Paths] :HKLM excel.exe=C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE ### excel.exe Microsoft Excel Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [App Paths] :HKLM firefox.exe=C:\Program Files (x86)\Mozilla Firefox\firefox.exe ### firefox.exe Firefox Mozilla Corporation Firefox 35.0.1 [App Paths] :HKLM fsquirt.exe ### fsquirt.exe [App Paths] :HKLM GROOVE.EXE=C:\PROGRA~1\MICROS~2\Office15\GROOVE.EXE ### GROOVE.EXE Microsoft OneDrive for Business Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [App Paths] :HKLM IEDIAG.EXE=C:\Program Files\Internet Explorer\IEDIAGCMD.EXE ### IEDIAG.EXE Diagnostics utility for Internet Explorer Microsoft Corporation Internet Explorer 11.00.9600.16428 [App Paths] :HKLM IEDIAGCMD.EXE=C:\Program Files\Internet Explorer\IEDIAGCMD.EXE ### IEDIAGCMD.EXE Diagnostics utility for Internet Explorer Microsoft Corporation Internet Explorer 11.00.9600.16428 [App Paths] :HKLM IEXPLORE.EXE=C:\Program Files\Internet Explorer\IEXPLORE.EXE ### IEXPLORE.EXE Internet Explorer Microsoft Corporation Internet Explorer 11.00.9600.16428 [App Paths] :HKLM infopath.exe=C:\PROGRA~1\MICROS~2\Office15\INFOPATH.EXE ### infopath.exe Microsoft InfoPath Microsoft Corporation Microsoft Office InfoPath 15.0.4569.1503 [App Paths] :HKLM install.exe ### install.exe [App Paths] :HKLM javaws.exe=C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe ### javaws.exe Java(TM) Web Start Launcher Oracle Corporation Java(TM) Platform SE 8 U31 8.0.310.13 [App Paths] :HKLM Journal.exe=%ProgramFiles%\Windows Journal\Journal.exe ### Journal.exe [App Paths] :HKLM LangSelector.exe=C:\Program Files (x86)\Windows Live\Installer\LangSelector.exe ### LangSelector.exe Windows Essentials Language Selection Microsoft Corporation Windows Essentials 16.4.3528.0331 [App Paths] :HKLM Lync.exe=C:\Program Files\Microsoft Office\Office15\Lync.exe ### Lync.exe Microsoft Lync Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [App Paths] :HKLM mip.exe=%CommonProgramFiles%\Microsoft Shared\Ink\mip.exe ### mip.exe [App Paths] :HKLM MovieMaker.exe=C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe ### MovieMaker.exe Movie Maker Microsoft Corporation Movie Maker 16.4.3528.0331 [App Paths] :HKLM mplayer2.exe=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe ### mplayer2.exe [App Paths] :HKLM MSACCESS.EXE=C:\PROGRA~1\MICROS~2\Office15\MSACCESS.EXE ### MSACCESS.EXE Microsoft Access Microsoft Corporation Microsoft Office 2013 15.0.4691.1000 [App Paths] :HKLM msoxmled.exe=C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLED.EXE ### msoxmled.exe Office XML Handler Microsoft Corporation Microsoft Office InfoPath 15.0.4569.1503 [App Paths] :HKLM MSPUB.EXE=C:\PROGRA~1\MICROS~2\Office15\MSPUB.EXE ### MSPUB.EXE Microsoft Publisher Microsoft Corporation Microsoft Office 2013 15.0.4691.1000 [App Paths] :HKLM OneNote.exe=C:\PROGRA~1\MICROS~2\Office15\ONENOTE.EXE ### OneNote.exe Microsoft OneNote Microsoft Corporation Microsoft OneNote 15.0.4693.1000 [App Paths] :HKLM OUTLOOK.EXE=C:\PROGRA~1\MICROS~2\Office15\OUTLOOK.EXE ### OUTLOOK.EXE Microsoft Outlook Microsoft Corporation Microsoft Outlook 15.0.4693.1000 [App Paths] :HKLM pbrush.exe=%SystemRoot%\System32\mspaint.exe ### pbrush.exe [App Paths] :HKLM powerpnt.exe=C:\PROGRA~1\MICROS~2\Office15\POWERPNT.EXE ### powerpnt.exe Microsoft PowerPoint Microsoft Corporation Microsoft Office 2013 15.0.4693.1002 [App Paths] :HKLM PowerShell.exe=%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe ### PowerShell.exe [App Paths] :HKLM setup.exe ### setup.exe [App Paths] :HKLM sidebar.exe="%ProgramFiles%\Windows Sidebar\sidebar.exe" ### sidebar.exe [App Paths] :HKLM SnippingTool.exe=%SystemRoot%\system32\SnippingTool.exe ### SnippingTool.exe [App Paths] :HKLM table30.exe ### table30.exe [App Paths] :HKLM TabTip.exe=%CommonProgramFiles%\microsoft shared\ink\TabTip.exe ### TabTip.exe [App Paths] :HKLM vmplayer.exe=C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe ### vmplayer.exe VMware Player VMware, Inc. VMware Workstation 10.0.2 build-1744117 [App Paths] :HKLM vmware.exe=C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe ### vmware.exe VMware Workstation VMware, Inc. VMware Workstation 10.0.2 build-1744117 [App Paths] :HKLM wab.exe=%ProgramFiles%\Windows Mail\wab.exe ### wab.exe [App Paths] :HKLM wabmig.exe=%ProgramFiles%\Windows Mail\wabmig.exe ### wabmig.exe [App Paths] :HKLM WinRAR.exe=C:\Program Files\WinRAR\WinRAR.exe ### WinRAR.exe WinRAR archiver Alexander Roshal WinRAR 5.10.3 [App Paths] :HKLM Winword.exe=C:\PROGRA~1\MICROS~2\Office15\WINWORD.EXE ### Winword.exe Microsoft Word Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [App Paths] :HKLM wlarp.exe=C:\Program Files (x86)\Windows Live\Installer\wlarp.exe ### wlarp.exe Windows Essentials Installer Microsoft Corporation Windows Essentials 16.4.3528.0331 [App Paths] :HKLM wlmail.exe=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe ### wlmail.exe Windows Live Mail Microsoft Corporation Windows Live Mail 16.4.3528.0331 [App Paths] :HKLM wlsettings.exe=C:\Program Files (x86)\Windows Live\Installer\wlsettings.exe ### wlsettings.exe Windows Essentials Settings Microsoft Corporation Windows Essentials 16.4.3528.0331 [App Paths] :HKLM wlstartup.exe=C:\Program Files (x86)\Windows Live\Installer\wlstartup.exe ### wlstartup.exe Windows Essentials Microsoft Corporation Windows Essentials 16.4.3528.0331 [App Paths] :HKLM WLXAlbumDownloadWizard.exe=C:\Program Files (x86)\Windows Live\Photo Gallery\WLXAlbumDownloadWizard.exe ### WLXAlbumDownloadWizard.exe Photo Gallery Download Wizard Microsoft Corporation Photo Gallery 16.4.3528.0331 [App Paths] :HKLM WLXPhotoGallery.exe=C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe ### WLXPhotoGallery.exe Photo Gallery Microsoft Corporation Photo Gallery 16.4.3528.0331 [App Paths] :HKLM wmplayer.exe=%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe ### wmplayer.exe [App Paths] :HKLM WORDPAD.EXE=C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE ### WORDPAD.EXE Windows Wordpad Application Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" [App Paths] :HKLM WRITE.EXE="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" ### WRITE.EXE [Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0 [Disable Registry Tools] :HKCU DisableRegistryTools =0 [Internet Shortcuts] :HKLM C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Check for UnHackMe updates.lnk=HTTP://GREATIS.COM/UNHACKME.INI ### C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\UnHackMe\CHECKF~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\Desktop\UnHackMe.lnk=C:\Program Files (x86)\UnHackMe\Unhackme.exe ### C:\Users\$unil\Desktop\UnHackMe.lnk [User Shortcuts] :HKLM C:\Users\Public\Desktop\GeForce Experience.lnk=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe ### C:\Users\Public\Desktop\GEFORC~1.LNK [User Shortcuts] :HKLM C:\Users\Public\Desktop\Mozilla Firefox.lnk=C:\Program Files (x86)\Mozilla Firefox\firefox.exe ### C:\Users\Public\Desktop\MOZILL~1.LNK [User Shortcuts] :HKLM C:\Users\Public\Desktop\Skype.lnk=C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ### C:\Users\Public\Desktop\Skype.lnk [User Shortcuts] :HKLM C:\Users\Public\Desktop\VMware Workstation.lnk=C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe ### C:\Users\Public\Desktop\VMWARE~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\GOOGLE~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk=C:\Program Files (x86)\Internet Explorer\iexplore.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\LAUNCH~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk=C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\MICROS~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk=C:\Program Files (x86)\Google\Picasa3\Picasa3.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\PICASA~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\SHOWSD~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\USERPI~1\TaskBar\GOOGLE~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk=C:\Program Files (x86)\Internet Explorer\iexplore.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\USERPI~1\TaskBar\INTERN~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk=C:\Program Files (x86)\Mozilla Firefox\firefox.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\USERPI~1\TaskBar\MOZILL~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk=C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\VMWARE~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\WINDOW~1.LNK [User Shortcuts] :HKLM C:\Users\$unil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk=C:\Users\$unil\AppData\Roaming\uTorrent\uTorrent.exe ### C:\Users\$unil\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\TORREN~1.LNK [Print Monitors] :HKLM Local Port=C:\Windows\system32\LOCALSPL.DLL ### Local Spooler DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 localspl.dll [Print Monitors] :HKLM Microsoft Shared Fax Monitor=C:\Windows\system32\FXSMON.DLL ### Microsoft Fax Print Monitor Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 FXSMON.DLL [Print Monitors] :HKLM Standard TCP/IP Port=C:\Windows\system32\TCPMON.DLL ### Standard TCP/IP Port Monitor DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 tcpmon.dll [Print Monitors] :HKLM USB Monitor=C:\Windows\system32\USBMON.DLL ### Standard Dynamic Printing Port Monitor DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 usbmon.dll [Print Monitors] :HKLM WSD Port=C:\Windows\system32\WSDMON.DLL ### WSD Printer Port Monitor Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 WSDMon.dll [Shell Icon Overlay Handlers] :HKLM SkyDrive1={F241C880-6982-4CE5-8CF7-7085BA96DA5A} [Shell Icon Overlay Handlers] :HKLM SkyDrive2={A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} [Shell Icon Overlay Handlers] :HKLM SkyDrive3={BBACC218-34EA-4666-9D7A-C78F2274A524} [Shell Icon Overlay Handlers] :HKLM SkyDrivePro1 (ErrorConflict)=C:\PROGRA~2\MICROS~1\OFFICE15\GROOVEEX.DLL ### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [Shell Icon Overlay Handlers] :HKLM SkyDrivePro2 (SyncInProgress)=C:\PROGRA~2\MICROS~1\OFFICE15\GROOVEEX.DLL ### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [Shell Icon Overlay Handlers] :HKLM SkyDrivePro3 (InSync)=C:\PROGRA~2\MICROS~1\OFFICE15\GROOVEEX.DLL ### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft Office 2013 15.0.4693.1000 [Shell Icon Overlay Handlers] :HKLM EnhancedStorageShell=C:\WINDOWS\SYSTEM32\EHSTORSHELL.DLL ### Windows Enhanced Storage Shell Extension DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\EhStorShell.dll [Shell Icon Overlay Handlers] :HKLM SharingPrivate=C:\WINDOWS\SYSTEM32\NTSHRUI.DLL ### Shell extensions for sharing Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\ntshrui.dll [Context Menu Handlers] :HKLM BriefcaseMenu=C:\WINDOWS\SYSTEM32\SYNCUI.DLL ### Windows Briefcase Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\syncui.dll [Context Menu Handlers] :HKLM EPP={09A47860-11B0-4DA5-AFA5-26D86198A780} [Context Menu Handlers] :HKLM Open With=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\shell32.dll [Context Menu Handlers] :HKLM Open With EncryptionMenu=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\shell32.dll [Context Menu Handlers] :HKLM Sharing=C:\WINDOWS\SYSTEM32\NTSHRUI.DLL ### Shell extensions for sharing Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\ntshrui.dll [Context Menu Handlers] :HKLM WinRAR={B41DB860-64E4-11D2-9906-E49FADC173CA} [Context Menu Handlers] :HKLM WinRAR32=C:\PROGRAM FILES\WINRAR\RAREXT32.DLL ### WinRAR shell extension Alexander Roshal WinRAR 5.10.3 [Context Menu Handlers] :HKLM {90AA3A4E-1CBA-4233-B8BB-535773D48449}=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\shell32.dll [Context Menu Handlers] :HKLM {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\shell32.dll[Kernel Auto Boot] [ActiveSetup] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=C:\WINDOWS\SYSTEM32\UNREGMP2.EXE ### Microsoft Windows Media Player Setup Utility Microsoft Corporation Microsoft Windows Operating System 12.0.7600.16385 %SystemRoot%\system32\unregmp2.exe /ShowWMP [Auto Services] AdobeARMservice ### Internal Name: AdobeARMservice. Status: service is running. Actual File: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" * Adobe Acrobat Updater keeps your Adobe software up to date. Adobe Acrobat Update Service Adobe Systems Incorporated Adobe Acrobat Update Service 1.802.11.4130 [Auto Services] AERTFilters ### Internal Name: AERTFilters. Status: service is running. Actual File: C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe * Andrea filters APO access service (64-bit) Andrea Electronics Corporation APO Access Service (64-bit) [Auto Services] AMPPALR3 ### Internal Name: AMPPALR3. Status: service is running. Actual File: "C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe" * Intel Centrino Wireless Bluetooth + High Speed Service for Intel Wireless adapters Intel Centrino Wireless Bluetooth + High Speed Virtual Adapter Intel Corporation Intel Centrino Wireless Bluetooth High Speed 16.5.0.1 [Auto Services] AudioEndpointBuilder ### Internal Name: AudioEndpointBuilder. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted * Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] AudioSrv ### Internal Name: AudioSrv. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted * Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] BFE ### Internal Name: BFE. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork * The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] BingDesktopUpdate ### Internal Name: BingDesktopUpdate. Status: service is running. Actual File: "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" * Bing Desktop Update Service Bing Desktop updating service Microsoft Corp. Bing Desktop 1.3.470.0 [Auto Services] BITS ### Internal Name: BITS. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k netsvcs * Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] BTHSSecurityMgr ### Internal Name: BTHSSecurityMgr. Status: service is running. Actual File: "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" * Manages the 802.1x security between two Bluetooth(R) High Speed connections. Intel(R) BlueTooth(R) HS Security Manager Service Intel(R) Corporation Intel(R) BlueTooth(R) High Speed 15.6.0.0 [Auto Services] c2cautoupdatesvc ### Internal Name: c2cautoupdatesvc. Status: service is running. Actual File: "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service * Downloads and installs product updates. Updates Skype Click to Call Microsoft Corporation Skype Click to Call 7.3.16540.9015 [Auto Services] c2cpnrsvc ### Internal Name: c2cpnrsvc. Status: service is running. Actual File: "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service * Provides phone number recognition services. Phone Number Recognition (PNR) module Microsoft Corporation Skype Click to Call 7.3.16540.9015 [Auto Services] clr_optimization_v4.0.30319_32 ### Internal Name: clr_optimization_v4.0.30319_32. Status: service stopped. Actual File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe * Microsoft .NET Framework NGEN .NET Runtime Optimization Service Microsoft Corporation Microsoft .NET Framework 4.0.30319.34209 [Auto Services] clr_optimization_v4.0.30319_64 ### Internal Name: clr_optimization_v4.0.30319_64. Status: service stopped. Actual File: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe * Microsoft .NET Framework NGEN .NET Runtime Optimization Service Microsoft Corporation Microsoft .NET Framework 4.0.30319.34209 [Auto Services] CryptSvc ### Internal Name: CryptSvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k NetworkService * Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] DcomLaunch ### Internal Name: DcomLaunch. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k DcomLaunch * The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] Dhcp ### Internal Name: Dhcp. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted * Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] Dnscache ### Internal Name: Dnscache. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k NetworkService * The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] DPS ### Internal Name: DPS. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork * The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] EFS ### Internal Name: EFS. Status: service is running. Actual File: C:\Windows\System32\lsass.exe * Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. Local Security Authority Process Microsoft Corporation Microsoft Windows Operating System 6.1.7601.18719 [Auto Services] eventlog ### Internal Name: eventlog. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted * This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] EventSystem ### Internal Name: EventSystem. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalService * Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] EvtEng ### Internal Name: EvtEng. Status: service is running. Actual File: "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" * Manages the event trace messages for all the Intel PROSet/Wireless Software components. Intel(R) PROSet/Wireless Event Log Service Intel(R) Corporation Intel(R) PROSet/Wireless 17, 14, 0, 0 [Auto Services] FontCache ### Internal Name: FontCache. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalService * Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] GfExperienceService ### Internal Name: GfExperienceService. Status: service is running. Actual File: "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" * NVIDIA GeForce Experience Service NVIDIA GeForce Experience Service NVIDIA Corporation NVIDIA GeForce Experience Service 1.0.0.1 [Auto Services] gpsvc ### Internal Name: gpsvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k GPSvcGroup * The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] gupdate ### Internal Name: gupdate. Status: service stopped. Actual File: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc * Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Google Installer Google Inc. Google Update 1.3.26.9 [Auto Services] IKEEXT ### Internal Name: IKEEXT. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] iphlpsvc ### Internal Name: iphlpsvc. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k NetSvcs * Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] LanmanServer ### Internal Name: LanmanServer. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] LanmanWorkstation ### Internal Name: LanmanWorkstation. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k NetworkService * Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] lmhosts ### Internal Name: lmhosts. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted * Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] MMCSS ### Internal Name: MMCSS. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] MpsSvc ### Internal Name: MpsSvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork * Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] MsMpSvc ### Internal Name: MsMpSvc. Status: service is running. Actual File: "C:\Program Files\Microsoft Security Client\MsMpEng.exe" * Helps protect users from malware and other potentially unwanted software Antimalware Service Executable Microsoft Corporation Microsoft Malware Protection 4.7.0205.0 [Auto Services] nam ### Internal Name: nam. Status: service stopped. Actual File: "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe" * Establishes secure, authenticated WiFi or Ethernet connections for this computer. AnyConnect NAM Service Cisco Systems, Inc. Cisco AnyConnect Network Access Manager 3.1.04059 [Auto Services] NlaSvc ### Internal Name: NlaSvc. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k NetworkService * Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] nsi ### Internal Name: nsi. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalService * This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] NvNetworkService ### Internal Name: NvNetworkService. Status: service is running. Actual File: "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" * NVIDIA Network Service NVIDIA Network Service NVIDIA Corporation NVIDIA Network Service 2.2.0.50 [Auto Services] NvStreamSvc ### Internal Name: NvStreamSvc. Status: service is running. Actual File: "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" * Service for SHIELD Streaming NVIDIA Streamer Service NVIDIA Corporation NVIDIA Streamer 4.0.1000.0 [Auto Services] nvsvc ### Internal Name: nvsvc. Status: service is running. Actual File: "C:\Windows\system32\nvvsvc.exe" * Provides system and desktop level support to the NVIDIA display driver NVIDIA Driver Helper Service, Version 347.52 NVIDIA Corporation NVIDIA Driver Helper Service, Version 347.52 8.17.13.4752 [Auto Services] PcaSvc ### Internal Name: PcaSvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted * This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] PlugPlay ### Internal Name: PlugPlay. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k DcomLaunch * Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] Power ### Internal Name: Power. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k DcomLaunch * Manages power policy and power policy notification delivery. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] ProfSvc ### Internal Name: ProfSvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] RegSrvc ### Internal Name: RegSrvc. Status: service is running. Actual File: "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" * Provides registry access to all Intel PROSet/Wireless Software components Intel(R) PROSet/Wireless Registry Service Intel(R) Corporation Intel(R) PROSet/Wireless 17, 14, 0, 0 [Auto Services] RpcEptMapper ### Internal Name: RpcEptMapper. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k RPCSS * Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] RpcSs ### Internal Name: RpcSs. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k rpcss * The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] SamSs ### Internal Name: SamSs. Status: service is running. Actual File: C:\Windows\system32\lsass.exe * The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Local Security Authority Process Microsoft Corporation Microsoft Windows Operating System 6.1.7601.18719 [Auto Services] Schedule ### Internal Name: Schedule. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] SENS ### Internal Name: SENS. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * Monitors system events and notifies subscribers to COM+ Event System of these events. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] ShellHWDetection ### Internal Name: ShellHWDetection. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k netsvcs * Provides notifications for AutoPlay hardware events. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] SkypeUpdate ### Internal Name: SkypeUpdate. Status: service stopped. Actual File: "C:\Program Files (x86)\Skype\Updater\Updater.exe" * Enables the detection, download and installation of updates for Skype. Skype Updater Service Skype Technologies Skype 7.0 [Auto Services] Spooler ### Internal Name: Spooler. Status: service is running. Actual File: C:\Windows\System32\spoolsv.exe * Loads files to memory for later printing Spooler SubSystem App Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] sppsvc ### Internal Name: sppsvc. Status: service stopped. Actual File: C:\Windows\system32\sppsvc.exe * Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. Microsoft Software Protection Platform Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] Stereo Service ### Internal Name: Stereo Service. Status: service is running. Actual File: "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" * Provides system support for NVIDIA Stereoscopic 3D driver Stereo Vision Control Panel API Server NVIDIA Corporation Stereo Vision Control Panel API Server 7.17.13.4752 [Auto Services] SysMain ### Internal Name: SysMain. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted * Maintains and improves system performance over time. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] Themes ### Internal Name: Themes. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k netsvcs * Provides user experience theme management. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] TrkWks ### Internal Name: TrkWks. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted * Maintains links between NTFS files within a computer or across computers in a network. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] UxSms ### Internal Name: UxSms. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted * Provides Desktop Window Manager startup and maintenance services Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] VMAuthdService ### Internal Name: VMAuthdService. Status: service is running. Actual File: "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" * Authorization and authentication service for starting and accessing virtual machines. VMware Authorization Service VMware, Inc. VMware Workstation 10.0.2 build-1744117 [Auto Services] VMnetDHCP ### Internal Name: VMnetDHCP. Status: service is running. Actual File: C:\Windows\system32\vmnetdhcp.exe * DHCP service for virtual networks. [Auto Services] VMUSBArbService ### Internal Name: VMUSBArbService. Status: service is running. Actual File: "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" * Arbitration and enumeration of USB devices for virtual machines VMware USB Arbitration Service VMware, Inc. VMware USB Arbitration Service 12.1.17 build-1637009 [Auto Services] VMware NAT Service ### Internal Name: VMware NAT Service. Status: service is running. Actual File: C:\Windows\system32\vmnat.exe * Network address translation for virtual networks. [Auto Services] Winmgmt ### Internal Name: Winmgmt. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] Wlansvc ### Internal Name: Wlansvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted * The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] wlidsvc ### Internal Name: wlidsvc. Status: service is running. Actual File: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" * Enables Windows Live ID authentication. Microsoft Windows Live ID Service Microsoft Corp. Microsoft CoReXT 7.250.4311.0 [Auto Services] WMPNetworkSvc ### Internal Name: WMPNetworkSvc. Status: service is running. Actual File: "C:\Program Files\Windows Media Player\wmpnetwk.exe" * Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play Windows Media Player Network Sharing Service Microsoft Corporation Microsoft Windows Operating System 12.0.7600.16385 [Auto Services] wscsvc ### Internal Name: wscsvc. Status: service is running. Actual File: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted * The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] WSearch ### Internal Name: WSearch. Status: service is running. Actual File: C:\Windows\system32\SearchIndexer.exe /Embedding * Provides content indexing, property caching, and search results for files, e-mail, and other content. Microsoft Windows Search Indexer Microsoft Corporation Windows Search 7.00.7600.16385 [Auto Services] wuauserv ### Internal Name: wuauserv. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k netsvcs * Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] wudfsvc ### Internal Name: wudfsvc. Status: service is running. Actual File: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted * Creates and manages user-mode driver processes. This service cannot be stopped. Host Process for Windows Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 [Auto Services] ZeroConfigService ### Internal Name: ZeroConfigService. Status: service is running. Actual File: "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" * Manages the zero configuration service for all the Intel PROSet/Wireless Software components. Intel PROSet/Wireless Zero Configure Service Intel Corporation Intel(R) PROSet/Wireless 17, 14, 0, 0 [Svchost DLLs] :HKLM AeLookupSvc=C:\WINDOWS\SYSTEM32\AELUPSVC.DLL ### Application Experience Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\aelupsvc.dll [Svchost DLLs] :HKLM CertPropSvc=C:\WINDOWS\SYSTEM32\CERTPROP.DLL ### Microsoft Smartcard Certificate Propagation Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\certprop.dll [Svchost DLLs] :HKLM SCPolicySvc=C:\WINDOWS\SYSTEM32\CERTPROP.DLL ### Microsoft Smartcard Certificate Propagation Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\certprop.dll [Svchost DLLs] :HKLM lanmanserver=C:\WINDOWS\SYSTEM32\SRVSVC.DLL ### Server Service DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\srvsvc.dll [Svchost DLLs] :HKLM gpsvc=C:\WINDOWS\SYSTEM32\GPSVC.DLL ### Group Policy Client Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\gpsvc.dll [Svchost DLLs] :HKLM AudioSrv=C:\WINDOWS\SYSTEM32\AUDIOSRV.DLL ### Windows Audio Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\Audiosrv.dll [Svchost DLLs] :HKLM FastUserSwitchingCompatibility [Svchost DLLs] :HKLM Ias [Svchost DLLs] :HKLM Irmon [Svchost DLLs] :HKLM Nla [Svchost DLLs] :HKLM Ntmssvc [Svchost DLLs] :HKLM NWCWorkstation [Svchost DLLs] :HKLM Nwsapagent [Svchost DLLs] :HKLM Rasauto=C:\WINDOWS\SYSTEM32\RASAUTO.DLL ### Remote Access AutoDial Manager Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\rasauto.dll [Svchost DLLs] :HKLM Rasman=C:\WINDOWS\SYSTEM32\RASMANS.DLL ### Remote Access Connection Manager Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\rasmans.dll [Svchost DLLs] :HKLM Remoteaccess=C:\WINDOWS\SYSTEM32\MPRDIM.DLL ### Dynamic Interface Manager Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\mprdim.dll [Svchost DLLs] :HKLM SENS=C:\WINDOWS\SYSTEM32\SENS.DLL ### System Event Notification Service (SENS) Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\sens.dll [Svchost DLLs] :HKLM Sharedaccess=C:\WINDOWS\SYSTEM32\IPNATHLP.DLL ### Microsoft NAT Helper Components Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\ipnathlp.dll [Svchost DLLs] :HKLM SRService [Svchost DLLs] :HKLM Tapisrv=C:\WINDOWS\SYSTEM32\TAPISRV.DLL ### Microsoft Windows(TM) Telephony Server Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\tapisrv.dll [Svchost DLLs] :HKLM Wmi [Svchost DLLs] :HKLM WmdmPmSp [Svchost DLLs] :HKLM TermService=C:\WINDOWS\SYSTEM32\TERMSRV.DLL ### Remote Desktop Session Host Server Remote Connections Manager Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\System32\termsrv.dll [Svchost DLLs] :HKLM wuauserv=C:\WINDOWS\SYSTEM32\WUAUENG.DLL ### Windows Update Agent Microsoft Corporation Microsoft Windows Operating System 7.6.7600.320 %systemroot%\system32\wuaueng.dll [Svchost DLLs] :HKLM BITS=C:\WINDOWS\SYSTEM32\QMGR.DLL ### Background Intelligent Transfer Service Microsoft Corporation Microsoft Windows Operating System 7.5.7600.16385 %SystemRoot%\System32\qmgr.dll [Svchost DLLs] :HKLM ShellHWDetection=C:\WINDOWS\SYSTEM32\SHSVCS.DLL ### Windows Shell Services Dll Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\shsvcs.dll [Svchost DLLs] :HKLM LogonHours [Svchost DLLs] :HKLM PCAudit [Svchost DLLs] :HKLM helpsvc [Svchost DLLs] :HKLM uploadmgr [Svchost DLLs] :HKLM iphlpsvc=C:\WINDOWS\SYSTEM32\IPHLPSVC.DLL ### Service that offers IPv6 connectivity over an IPv4 network. Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\iphlpsvc.dll [Svchost DLLs] :HKLM msiscsi=C:\WINDOWS\SYSTEM32\ISCSIEXE.DLL ### iSCSI Discovery service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %systemroot%\system32\iscsiexe.dll [Svchost DLLs] :HKLM schedule=C:\WINDOWS\SYSTEM32\SCHEDSVC.DLL ### Task Scheduler Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %systemroot%\system32\schedsvc.dll [Svchost DLLs] :HKLM SessionEnv=C:\WINDOWS\SYSTEM32\SESSENV.DLL ### Remote Desktop Configuration service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\sessenv.dll [Svchost DLLs] :HKLM winmgmt=C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL ### WMI Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\wbem\WMIsvc.dll [Svchost DLLs] :HKLM RemoteRegistry=C:\WINDOWS\SYSTEM32\REGSVC.DLL ### Remote Registry Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\regsvc.dll [Svchost DLLs] :HKLM WinHttpAutoProxySvc=C:\Windows\system32\WINHTTP.DLL ### Windows HTTP Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 winhttp.dll [Svchost DLLs] :HKLM sppuinotify=C:\WINDOWS\SYSTEM32\SPPUINOTIFY.DLL ### SPP Notification Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\sppuinotify.dll [Svchost DLLs] :HKLM netprofm=C:\WINDOWS\SYSTEM32\NETPROFM.DLL ### Network List Manager Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\netprofm.dll [Svchost DLLs] :HKLM WebClient=C:\WINDOWS\SYSTEM32\WEBCLNT.DLL ### Web DAV Service DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\webclnt.dll [Svchost DLLs] :HKLM Netman=C:\WINDOWS\SYSTEM32\NETMAN.DLL ### Network Connections Manager Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\netman.dll [Svchost DLLs] :HKLM AudioEndpointBuilder=C:\WINDOWS\SYSTEM32\AUDIOSRV.DLL ### Windows Audio Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\Audiosrv.dll [Svchost DLLs] :HKLM dot3svc=C:\WINDOWS\SYSTEM32\DOT3SVC.DLL ### Wired AutoConfig Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\dot3svc.dll [Svchost DLLs] :HKLM WPDBusEnum=C:\WINDOWS\SYSTEM32\WPDBUSENUM.DLL ### Portable Device Enumerator Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\wpdbusenum.dll [Svchost DLLs] :HKLM wlansvc=C:\WINDOWS\SYSTEM32\WLANSVC.DLL ### Windows WLAN AutoConfig Service DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\wlansvc.dll [Svchost DLLs] :HKLM PLA=C:\WINDOWS\SYSTEM32\PLA.DLL ### Performance Logs & Alerts Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %systemroot%\system32\pla.dll [Svchost DLLs] :HKLM RpcSs=C:\WINDOWS\SYSTEM32\RPCSS.DLL ### Distributed COM Services Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\rpcss.dll [Svchost DLLs] :HKLM BthHFSrv [Svchost DLLs] :HKLM LmHosts=C:\WINDOWS\SYSTEM32\LMHSVC.DLL ### TCPIP NetBios Transport Services DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\lmhsvc.dll [Svchost DLLs] :HKLM wscsvc=C:\WINDOWS\SYSTEM32\WSCSVC.DLL ### Windows Security Center Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\wscsvc.dll [Svchost DLLs] :HKLM WPCSvc=C:\WINDOWS\SYSTEM32\WPCSVC.DLL ### WPC Filtering Service Microsoft Corporation Windows 1.0.0.1 %SystemRoot%\System32\wpcsvc.dll [Svchost DLLs] :HKLM SSDPSRV=C:\WINDOWS\SYSTEM32\SSDPSRV.DLL ### SSDP Service DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\ssdpsrv.dll [Svchost DLLs] :HKLM upnphost=C:\WINDOWS\SYSTEM32\UPNPHOST.DLL ### UPnP Device Host Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\upnphost.dll [Svchost DLLs] :HKLM SCardSvr=C:\WINDOWS\SYSTEM32\SCARDSVR.DLL ### Smart Card Resource Management Server Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\SCardSvr.dll [Svchost DLLs] :HKLM TBS=C:\WINDOWS\SYSTEM32\TBSSVC.DLL ### TBS Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\tbssvc.dll [Svchost DLLs] :HKLM QWAVE=C:\WINDOWS\SYSTEM32\QWAVE.DLL ### Windows NT Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %windir%\system32\qwave.dll [Svchost DLLs] :HKLM wcncsvc=C:\WINDOWS\SYSTEM32\WCNCSVC.DLL ### Windows Connect Now - Config Registrar Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\wcncsvc.dll [Svchost DLLs] :HKLM Power=C:\WINDOWS\SYSTEM32\UMPO.DLL ### User-mode Power Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\umpo.dll [Svchost DLLs] :HKLM PlugPlay=C:\WINDOWS\SYSTEM32\UMPNPMGR.DLL ### User-mode Plug-and-Play Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\umpnpmgr.dll [Svchost DLLs] :HKLM DcomLaunch=C:\WINDOWS\SYSTEM32\RPCSS.DLL ### Distributed COM Services Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\rpcss.dll [Svchost DLLs] :HKLM CryptSvc=C:\WINDOWS\SYSTEM32\CRYPTSVC.DLL ### Cryptographic Services Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\cryptsvc.dll [Svchost DLLs] :HKLM DHCP=C:\WINDOWS\SYSTEM32\DHCPCORE.DLL ### DHCP Client Service Microsoft Corporation Microsoft Windows Operating System 6.1.7601.17514 %SystemRoot%\system32\dhcpcore.dll [Svchost DLLs] :HKLM DNSCache=C:\WINDOWS\SYSTEM32\DNSRSLVR.DLL ### DNS Caching Resolver Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\dnsrslvr.dll [Svchost DLLs] :HKLM NapAgent=C:\WINDOWS\SYSTEM32\QAGENTRT.DLL ### Quarantine Agent Service Run-Time Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\qagentRT.dll [Svchost DLLs] :HKLM nlasvc=C:\WINDOWS\SYSTEM32\NLASVC.DLL ### Network Location Awareness 2 Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\nlasvc.dll [Svchost DLLs] :HKLM WinRM=C:\WINDOWS\SYSTEM32\WSMSVC.DLL ### WSMan Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\WsmSvc.dll [Svchost DLLs] :HKLM WECSVC=C:\WINDOWS\SYSTEM32\WECSVC.DLL ### Event Collector Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\wecsvc.dll [Svchost DLLs] :HKLM StiSvc=C:\WINDOWS\SYSTEM32\WIASERVC.DLL ### Still Image Devices Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\wiaservc.dll [Svchost DLLs] :HKLM WcsPlugInService=C:\WINDOWS\SYSTEM32\WCSPLUGINSERVICE.DLL ### WcsPlugInService DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\WcsPlugInService.dll [Svchost DLLs] :HKLM AppIDSvc=C:\WINDOWS\SYSTEM32\APPIDSVC.DLL ### Application Identity Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\appidsvc.dll [Svchost DLLs] :HKLM Appinfo=C:\WINDOWS\SYSTEM32\APPINFO.DLL ### Application Information Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\appinfo.dll [Svchost DLLs] :HKLM AxInstSV=C:\WINDOWS\SYSTEM32\AXINSTSV.DLL ### ActiveX Installer Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\AxInstSV.dll [Svchost DLLs] :HKLM BDESVC=C:\WINDOWS\SYSTEM32\BDESVC.DLL ### BDE Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\bdesvc.dll [Svchost DLLs] :HKLM BFE=C:\WINDOWS\SYSTEM32\BFE.DLL ### Base Filtering Engine Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\bfe.dll [Svchost DLLs] :HKLM Browser=C:\WINDOWS\SYSTEM32\BROWSER.DLL ### Computer Browser Service DLL Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\browser.dll [Svchost DLLs] :HKLM bthserv=C:\WINDOWS\SYSTEM32\BTHSERV.DLL ### Bluetooth Support Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\bthserv.dll [Svchost DLLs] :HKLM defragsvc=C:\WINDOWS\SYSTEM32\DEFRAGSVC.DLL ### Microsoft\Disk Defragmenter Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %Systemroot%\System32\defragsvc.dll [Svchost DLLs] :HKLM DPS=C:\WINDOWS\SYSTEM32\DPS.DLL ### WDI Diagnostic Policy Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\dps.dll [Svchost DLLs] :HKLM EapHost=C:\WINDOWS\SYSTEM32\EAPSVC.DLL ### Microsoft EAPHost service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\System32\eapsvc.dll [Svchost DLLs] :HKLM EventSystem=C:\WINDOWS\SYSTEM32\ES.DLL ### COM+ Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %systemroot%\system32\es.dll [Svchost DLLs] :HKLM fdPHost=C:\WINDOWS\SYSTEM32\FDPHOST.DLL ### Function Discovery Provider host service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\fdPHost.dll [Svchost DLLs] :HKLM FDResPub=C:\WINDOWS\SYSTEM32\FDRESPUB.DLL ### Function Discovery Resource Publication Service Microsoft Corporation Microsoft Windows Operating System 6.1.7600.16385 %SystemRoot%\system32\fdrespub.dll [Svchost DLLs] :HKLM FontCache=C:\WINDOWS\SYSTEM32\FNTCACHE.DLL ### Windows Font Cache Service Microsoft Corporation Microsoft Windows Operating System 6.2.9200.16492 %SystemRoot%\system32\FntCache.dll [Svchost DLLs] :HKLM hids